IT companies are failing to secure devices connected to the internet, leaving them open to hackers. This shocking report reveals how anything from your pins to your passport could now be accessed online.

"Is this your pin? Is this a letter you received from your bank? Do you have a HP e-Print scanner?" The young man answers yes to every question, stunned that all of his information was accessible on the internet for anyone who wanted to see it. And he's not alone: the wealth of information available is staggering. From shop owners whose security cameras can be watched and controlled remotely, to medical records and confidential documents for international companies like Unilever, Orange and KLM, it's a bonanza for any would-be hackers. While it would be simple for the IT firms who provide printers, scanners and software to make the system more secure, they don't see it as their problem and argue that attending to basic safety protocols is a bit of a marketing nightmare. "There are people who know all about how this works, security-wise, but it's too much trouble to explain all that." One company went so far as to call consumers who didn't know they had to change their passwords "idiots". As the rate of technological change continues at a frightening pace, do technology companies have a duty to prevent our privacy being eroded?

In essence network enabled devices are by default not secure coming with security disabled or with standard login and passwords; in my experience most routers were similarly insecure but I'm not sure that is any longer true.

Mostly it says that your average punter does not look out for themselves very well

Larger MFDs, (printer/copier/scanners) are more secure these days, Most now encrypt their hard drives by default.

Routers are getting a little more proactive, tending to use the serial number as a default password, which means you at least need physical access to find it out.

I frequently tell customers to change the default password on MFDs, but I am often ignored.
I also set an invalid gateway address, unless there is internal routing, or the device needs internet access for scan to email etc.

I remember years ago, when connected devices were quite new, I did a search for "network printer" and three Canon printers in the University of Edinburgh were in the top ten results, I was able to log in to their web page and check their settings!

The sig between the asterisks is so cool that only REALLY COOL people can even see it!

Oh, thanks, yes I knew all that. But what has it to do with the cloud?

That is migrating fast to software defined networking, which tends to be a bit more secure. Also, cloud companies tend to take their system security a little more seriously than the average home printer buyer.

guy wrote:Oh, thanks, yes I knew all that. But what has it to do with the cloud?

That is migrating fast to software defined networking, which tends to be a bit more secure. Also, cloud companies tend to take their system security a little more seriously than the average home printer buyer.

The film dealt with an Iomega NAS that came with security disabled out of the box allowing the Dutch investigators to access medical and financial records, Schipol security measures etc.etc

guy wrote:Oh, thanks, yes I knew all that. But what has it to do with the cloud?

That is migrating fast to software defined networking, which tends to be a bit more secure. Also, cloud companies tend to take their system security a little more seriously than the average home printer buyer.

The film dealt with an Iomega NAS that came with security disabled out of the box allowing the Dutch investigators to access medical and financial records, Schipol security measures etc.etc

So, does cloud technology necessarily require NAS devices? Is that particular NAS device a popular hardware item with cloud storage service providers? Just because you have a rack of NAS devices doesn't necessarily mean you have installed a cloud on them.

guy wrote:Oh, thanks, yes I knew all that. But what has it to do with the cloud?

That is migrating fast to software defined networking, which tends to be a bit more secure. Also, cloud companies tend to take their system security a little more seriously than the average home printer buyer.

The film dealt with an Iomega NAS that came with security disabled out of the box allowing the Dutch investigators to access medical and financial records, Schipol security measures etc.etc

So, does cloud technology necessarily require NAS devices? Is that particular NAS device a popular hardware item with cloud storage service providers? Just because you have a rack of NAS devices doesn't necessarily mean you have installed a cloud on them.

It is referring to personal NAS storage that is open to the internet like a Imoga NAS, which are open by default.

guy wrote:So, noting to do with the cloud then. In fact quite the opposite.

Dutch_Master wrote:This is why you should NOT rely on the cloud:

I think you mean, "This is why you SHOULD rely on the cloud (and not your homespun NAS)"

Just wanted to be sure before I wrote that.

No its not home sprung, it bought NASes for home use that have been configured incorrectly... said NAS then used to store important data beit personal or home workers storing company stuff.

Same goes for MFD printers, open to the cloud again through bad configuration - some you can't set passwords on. So if you have the cloud services enabled left documents in the scanner can be access and printed by the hacker at their location. As demo'd in the video.

Well, by homespun I mean you went out and bought a NAS and plugged it into your home network and maybe tinkered or maybe not.

You talk about "open to the cloud" and "cloud services enabled". With what meaning do you use the word "cloud"? I know a little about cloud storage, cloud computing and cloud services (as services architected on computer clouds) and none of those seems to be what you mean. Do you just mean "the whole darn Internet"? I'd certainly agree you shouldn't rely on that!

Ram wrote:Cloud is a buzz word for the internet as far as I'm concerned.

Ah, that explains a lot. Some of us old pro's adopted the word to describe a networked system architecture where the software platforms are independent of the underlying hardware. Virtualization is a key ingredient, with software defined networking (think of it as virtual networks) fast becoming equally essential.

Most of the Internet is not at all like that - at least, not yet. For example, note how some long-established Internet companies like Amazon and Google are getting very excited about the cloud revolution. One can hardly maintain that the revolutionary new thing, the cloud, is the same as the clunky old thing, the Internet.

If I saw a NAS with "cloud" in its sales blurb, I would expect specifically that I could create distinct storage areas for different users and expand these by striping across additional NAS units as capacity requirements rose, in other words the client-visible storage space is wholly independent of the individual hardware units. Furthermore, I would expect it to be a lot smarter, more automated and inherently secure than the old logical volume management (LVM). If your NAS doesn't do all that, then IMHO it does not offer a "personal cloud". And if it does but you aren't using it that way, then you are still not using the cloud, never mind relying on it.

Similarly if a printer offers "cloud services" I would expect that to mean that it will communicate seamlessly with and print directly from say my Google Drive using Google Cloud Print (see for example Google's current list of cloud-ready printers). I would not regard printing say a Google Map from my web browser as meeting that definition.

Ask the manufacturer and they will probably say that their device should be placed behind a properly-configured firewall - it's just that all too many folks, home users and corporate sysadmins alike, don't think about network security. If your firewall is indeed letting through spoof cloud services, just think what else it has been letting through all these years....